Loading services/core/java/com/android/server/am/ProcessList.java +65 −17 Original line number Diff line number Diff line Loading @@ -1676,6 +1676,57 @@ public final class ProcessList { return gidArray; } private boolean shouldEnableMemoryTagging(ProcessRecord app) { // Ensure the hardware + kernel actually supports MTE. if (!Zygote.nativeSupportsMemoryTagging()) { return false; } // Enable MTE for system apps if supported. if ((app.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { return true; } // Enable MTE if the compat feature is enabled. if (mPlatformCompat.isChangeEnabled(NATIVE_MEMORY_TAGGING, app.info)) { return true; } return false; } private boolean shouldEnableTaggedPointers(ProcessRecord app) { // Ensure we have platform + kernel support for TBI. if (!Zygote.nativeSupportsTaggedPointers()) { return false; } // Check to ensure the app hasn't explicitly opted-out of TBI via. the manifest attribute. if (!app.info.allowsNativeHeapPointerTagging()) { return false; } // Check to see that the compat feature for TBI is enabled. if (!mPlatformCompat.isChangeEnabled(NATIVE_HEAP_POINTER_TAGGING, app.info)) { return false; } return true; } private int decideTaggingLevel(ProcessRecord app) { // Check MTE support first, as it should take precedence over TBI. if (shouldEnableMemoryTagging(app)) { return Zygote.MEMORY_TAG_LEVEL_ASYNC; } if (shouldEnableTaggedPointers(app)) { return Zygote.MEMORY_TAG_LEVEL_TBI; } return 0; } private int decideGwpAsanLevel(ProcessRecord app) { // Look at the process attribute first. if (app.processInfo != null Loading Loading @@ -1864,23 +1915,6 @@ public final class ProcessList { runtimeFlags |= Zygote.USE_APP_IMAGE_STARTUP_CACHE; } if (Zygote.nativeSupportsMemoryTagging()) { // System apps are generally more privileged than regular apps, and don't have the // same app compat concerns as regular apps, so we enable async tag checks for all // of their processes. if ((app.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0 || mPlatformCompat.isChangeEnabled(NATIVE_MEMORY_TAGGING, app.info)) { runtimeFlags |= Zygote.MEMORY_TAG_LEVEL_ASYNC; } } else if (Zygote.nativeSupportsTaggedPointers()) { // Enable heap pointer tagging if supported by the kernel, unless disabled by the // app manifest, target sdk level, or compat feature. if (app.info.allowsNativeHeapPointerTagging() && mPlatformCompat.isChangeEnabled(NATIVE_HEAP_POINTER_TAGGING, app.info)) { runtimeFlags |= Zygote.MEMORY_TAG_LEVEL_TBI; } } runtimeFlags |= decideGwpAsanLevel(app); String invokeWith = null; Loading Loading @@ -1911,6 +1945,20 @@ public final class ProcessList { app.setRequiredAbi(requiredAbi); app.instructionSet = instructionSet; // If instructionSet is non-null, this indicates that the system_server is spawning a // process with an ISA that may be different from its own. System (kernel and hardware) // compatililty for these features is checked in the decideTaggingLevel in the // system_server process (not the child process). As both MTE and TBI are only supported // in aarch64, we can simply ensure that the new process is also aarch64. This prevents // the mismatch where a 64-bit system server spawns a 32-bit child that thinks it should // enable some tagging variant. Theoretically, a 32-bit system server could exist that // spawns 64-bit processes, in which case the new process won't get any tagging. This is // fine as we haven't seen this configuration in practice, and we can reasonable assume // that if tagging is desired, the system server will be 64-bit. if (instructionSet == null || instructionSet.equals("arm64")) { runtimeFlags |= decideTaggingLevel(app); } // the per-user SELinux context must be set if (TextUtils.isEmpty(app.info.seInfoUser)) { Slog.wtf(ActivityManagerService.TAG, "SELinux tag not defined", Loading Loading
services/core/java/com/android/server/am/ProcessList.java +65 −17 Original line number Diff line number Diff line Loading @@ -1676,6 +1676,57 @@ public final class ProcessList { return gidArray; } private boolean shouldEnableMemoryTagging(ProcessRecord app) { // Ensure the hardware + kernel actually supports MTE. if (!Zygote.nativeSupportsMemoryTagging()) { return false; } // Enable MTE for system apps if supported. if ((app.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { return true; } // Enable MTE if the compat feature is enabled. if (mPlatformCompat.isChangeEnabled(NATIVE_MEMORY_TAGGING, app.info)) { return true; } return false; } private boolean shouldEnableTaggedPointers(ProcessRecord app) { // Ensure we have platform + kernel support for TBI. if (!Zygote.nativeSupportsTaggedPointers()) { return false; } // Check to ensure the app hasn't explicitly opted-out of TBI via. the manifest attribute. if (!app.info.allowsNativeHeapPointerTagging()) { return false; } // Check to see that the compat feature for TBI is enabled. if (!mPlatformCompat.isChangeEnabled(NATIVE_HEAP_POINTER_TAGGING, app.info)) { return false; } return true; } private int decideTaggingLevel(ProcessRecord app) { // Check MTE support first, as it should take precedence over TBI. if (shouldEnableMemoryTagging(app)) { return Zygote.MEMORY_TAG_LEVEL_ASYNC; } if (shouldEnableTaggedPointers(app)) { return Zygote.MEMORY_TAG_LEVEL_TBI; } return 0; } private int decideGwpAsanLevel(ProcessRecord app) { // Look at the process attribute first. if (app.processInfo != null Loading Loading @@ -1864,23 +1915,6 @@ public final class ProcessList { runtimeFlags |= Zygote.USE_APP_IMAGE_STARTUP_CACHE; } if (Zygote.nativeSupportsMemoryTagging()) { // System apps are generally more privileged than regular apps, and don't have the // same app compat concerns as regular apps, so we enable async tag checks for all // of their processes. if ((app.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0 || mPlatformCompat.isChangeEnabled(NATIVE_MEMORY_TAGGING, app.info)) { runtimeFlags |= Zygote.MEMORY_TAG_LEVEL_ASYNC; } } else if (Zygote.nativeSupportsTaggedPointers()) { // Enable heap pointer tagging if supported by the kernel, unless disabled by the // app manifest, target sdk level, or compat feature. if (app.info.allowsNativeHeapPointerTagging() && mPlatformCompat.isChangeEnabled(NATIVE_HEAP_POINTER_TAGGING, app.info)) { runtimeFlags |= Zygote.MEMORY_TAG_LEVEL_TBI; } } runtimeFlags |= decideGwpAsanLevel(app); String invokeWith = null; Loading Loading @@ -1911,6 +1945,20 @@ public final class ProcessList { app.setRequiredAbi(requiredAbi); app.instructionSet = instructionSet; // If instructionSet is non-null, this indicates that the system_server is spawning a // process with an ISA that may be different from its own. System (kernel and hardware) // compatililty for these features is checked in the decideTaggingLevel in the // system_server process (not the child process). As both MTE and TBI are only supported // in aarch64, we can simply ensure that the new process is also aarch64. This prevents // the mismatch where a 64-bit system server spawns a 32-bit child that thinks it should // enable some tagging variant. Theoretically, a 32-bit system server could exist that // spawns 64-bit processes, in which case the new process won't get any tagging. This is // fine as we haven't seen this configuration in practice, and we can reasonable assume // that if tagging is desired, the system server will be 64-bit. if (instructionSet == null || instructionSet.equals("arm64")) { runtimeFlags |= decideTaggingLevel(app); } // the per-user SELinux context must be set if (TextUtils.isEmpty(app.info.seInfoUser)) { Slog.wtf(ActivityManagerService.TAG, "SELinux tag not defined", Loading
